Know Your Rights: Data Portability, Objection & Other Privacy Protections at Eagle Aruba Resort

Privacy shouldn’t be complicated when you travel. This guide explains Data Portability, the Right to Object, and other privacy protections at Eagle Aruba Resort—what they mean, how they work, and the simple steps to exercise them. You’ll find clear definitions, timelines, and practical tips so you can stay in control of your information from booking to checkout.

Your Privacy Rights at a Glance

At Eagle Aruba Resort, you benefit from a comprehensive set of rights aligned with GDPR principles. These include:

• Right to be informed: Clear, written details on what’s collected, why, and how it’s used—shared before processing begins.
• Right of access: Confirmation whether your data is processed and access to that data.
• Right to rectification: Correct inaccurate or incomplete personal data.
• Right to erasure ("right to be forgotten"): Request deletion in defined circumstances.
• Right to restriction: Limit processing in specific cases.
• Right to data portability: Receive your data in a structured, machine-readable format and transmit it to another controller when conditions are met.
• Right to object: Object to certain processing, including direct marketing.
• Right not to be subject to solely automated decisions: Protection from decisions made only by automated means that have legal or similarly significant effects, subject to limited exceptions.

Data Portability: What It Means and How to Use It

What is data portability?

Data portability lets you obtain personal data you provided to Eagle Aruba Resort in a structured, up-to-date, machine-readable format. You can also ask to have it transmitted to another controller when technically possible.

When can you request it?

You can exercise portability when:

• Processing is based on your consent or a contract; and
• Processing is carried out by automated means.

What’s excluded?

Portability does not cover inferred or derived data—information generated by the resort as a result of analyzing your data.

Can data be sent directly to another provider?

Yes. You’re entitled to have your data transmitted directly between controllers whenever it is technically possible.

How to request data portability

• Use the resort’s website or contact the hotel to verify or remove data and to request your portable file.
• Email the Data Protection Officer (DPO) at marketing@eaglearuba.com to begin or follow up on your request.
• Timeline: You’ll receive a written response within one month of receipt. For complex requests, this may be extended to two months.

Right to Object: Take Control of How Your Data Is Used

Objecting to direct marketing

You have the right to object at any time to processing of your data for direct marketing. Once you object, Eagle Aruba Resort must cease processing your data for that purpose, including any profiling related to direct marketing.

Objecting to processing based on legitimate interests or for other purposes

If your data is processed based on legitimate interests or for purposes other than those for which it was collected (including certain profiling or statistical uses), you may object at any time. The resort will stop processing unless it demonstrates urgent and legitimate reasons that prevail over your interests, rights, and freedoms, or the processing is needed to establish, exercise, or defend legal claims.

How to object

• Submit your objection via the website or hotel channels.
• You can also email marketing@eaglearuba.com with your objection and the processing activity you want to stop.

Other Core GDPR Rights You Can Exercise

Right to be informed (transparency by design)

Before collecting your data, Eagle Aruba Resort provides written details including:

• Identity and contact details of the controller and (if applicable) its representative
• DPO contact
• Purposes and (if applicable) legal bases for processing
• Any legitimate interests pursued
• Recipients or categories of recipients
• Details of any international transfers and applicable safeguards (if relevant)
• Retention periods
• Your rights (access, rectification, erasure, restriction, portability, objection)
• The right to withdraw consent (if consent is the basis)
• Whether providing data is a legal or contractual requirement and possible consequences of not providing it

Right of access

You can obtain confirmation of processing and access to your personal data, including categories of data, recipients, retention periods, the source (when not collected from you), and information about automated decision-making. A copy of your data will be provided free of charge upon request.

Right to rectification

Request corrections to inaccurate data at any time and have incomplete data completed, including by providing an additional statement.

Right to erasure ("right to be forgotten")

You can request deletion when, for example:

• Data is no longer necessary for the purpose collected
• You withdraw consent and there is no other legal basis
• You object and there are no overriding legitimate interests
• Data was processed unlawfully
• Deletion is required to comply with a legal obligation

Where appropriate, the resort will inform recipients about the deletion unless impossible or disproportionate.

Right to restriction of processing

You may request restriction when:

• You contest the accuracy of data (for the period needed to verify)
• Processing is unlawful and you prefer restriction over deletion
• The resort no longer needs the data but you require it for legal claims
• You have objected and verification of overriding grounds is pending

During restriction, your data will only be processed (beyond storage) with your consent or for legal claims, the rights of others, or for reasons of public interest provided by law.

Right not to be subject to solely automated decisions

You have the right not to be subject to decisions based solely on automated processing, including profiling, that produce legal or similarly significant effects. Exceptions apply, such as when the decision is necessary for signing or performing a contract with you, or authorized by law.

How Eagle Aruba Resort Protects Your Data

Eagle Aruba Resort applies technical and organizational measures designed to safeguard your information:

• Secure transmission: All communications with the site use HTTPS with SSL encryption.
• Confidentiality: Internal security and confidentiality policies are in place and updated as needed.
• Regular audits: Ongoing reviews assess the effectiveness of controls.
• Staff awareness and training: Personnel involved in processing are trained and sensitized to data protection.
• Pseudonymization and coding: Personal data may be safeguarded using techniques that reduce identification risks.
• Data minimization by default: Only data necessary for each specific purpose is processed.

Data retention

Data is retained only for the necessary period to fulfill stated purposes, in line with the resort’s Data Retention Policy and any legal minimums.

Data transfers

According to the privacy policy, Eagle Aruba Resort will not transfer your personal data to recipients in countries inside or outside the EU and applies protective measures to keep information securely stored.

Personal data breach notification

If a breach is likely to pose a high risk to your rights and freedoms, Eagle Aruba Resort will inform you within 72 hours of learning of the incident. Notification may not be required if the breach is unlikely to result in high risk or if direct communication would involve disproportionate effort (in which case a public communication will be issued).

Who May Receive Your Data to Fulfill Services

To deliver services you request, your data may be shared with third parties under strict confidentiality and GDPR-compliant terms.

• Processors: Vendors processing data on the resort’s behalf under written agreements that define scope, duration, purpose, data types, data subjects, and obligations (consistent with GDPR Article 28). They may not transmit data to others without prior written authorization.

• Other recipients (categories):

  • Temporary-work agencies (temporary transfer of workers)
  • Companies operating commercial establishments inside the resort (guest supplementary services)
  • Insurance companies (services during a guest’s stay)
  • Parking, car rental, and garden maintenance services
  • Travel agencies and tour operators (reservations)
  • Advisers or lawyers (consultancy and legal services)
  • Additional services requested by guests, such as taxi service / airport transfers, car parking, car rental, restaurant reservations, and other activities

How to Exercise Your Rights

Eagle Aruba Resort makes it straightforward to act on your rights.

1. Start online or at the hotel: Use the website or hotel channels to remove or verify data stored by the resort, and to submit rights requests (access, rectification, erasure, restriction, portability, objection).
2. Contact the DPO: Email marketing@eaglearuba.com for assistance, clarifications, or to submit a formal request.
3. Timeline: Expect a written response within one month. Particularly complex cases may take up to two months (you’ll be informed of any extension).
4. Fair use: If a request is manifestly unjustified or excessive (including repetitive), the resort may charge administrative costs or refuse to comply.
5. Escalation: You also have the right to lodge a complaint before the competent authority via marketing@eaglearuba.com.

Quick Answers (Great for Featured Snippets)

• How long does Eagle Aruba Resort take to respond to a privacy request? Up to one month, extendable to two months for complex cases.
• Will my data be transferred outside the EU? No. The resort states it will not transfer your personal data to recipients in countries inside or outside the EU and applies protective measures to keep it secure.
• How can I opt out of analytics tracking on EagleAruba.com? Install Google’s browser add-on at https://tools.google.com/dlpage/gaoptout to disable Google Analytics during your visit.

Practical Tips to Stay in Control

• Be specific in your request: Identify the right you’re exercising (e.g., portability or objection) and the data or processing activity involved.
• Keep records: Save copies of your requests and the resort’s responses for your files.
• Use consistent contact details: Submitting requests from the same email you used to book helps streamline verification.
• Review notices before you share: Read the resort’s privacy information provided at the point of collection to understand purposes and retention.
• Use built-in tools: Leverage the website’s options to verify or remove stored data and to manage communications.
• Opt out of marketing: Object to direct marketing at any time to stop related processing.
• Limit analytics if you wish: Use the Google Analytics opt-out add-on for your browser if you prefer not to share usage data.

Conclusion

Knowing your rights—especially data portability and the right to object—helps you make informed choices and stay in control of your personal information at Eagle Aruba Resort. From secure HTTPS connections and clear notices to defined timelines and direct DPO support, safeguards are in place to protect your data and honor your preferences.

Have a question or want to exercise a right today? Contact the Data Protection Officer at marketing@eaglearuba.com or start your request through the website. For more details, explore the resort’s Privacy Policy and FAQ, and if you’re an owner, visit Owners Access for account-related information.